06/22/2009 15:43 FAX 212 223 9651 



LAW OFFICES P CANELIAS 






Appl. No. 10/798,079 

Amdt. Dated June 22, 2009 

Reply to Office action of December 22, 2008 

with the statement in the office action that "compliant" as per atomic messages is not in 
the claim(s). Claim 98 specifically states the steps of (1) analyzing the plurality of 
atomic messages for compliance with the first set of rules; and (2) executing compliant 
database events (emphasis added). 

The next limitation, sending a signal to a console operator when a database event 
is not compliant with the first set of rules, is cited to Bapat's disclosure that if a match is 
found, the request is denied, and a response is returned to the initiator if appropriate. 
Again, applicant does not see a signal being sent to a console operator when an event is 
not compliant with a first set of rules. 

The next limitation, allowing a console operator to create exceptions when signals 
are sent by the listening agent, is cited to users authorized to modify the access control 
tree. The statement in Bapat that someone is authorized to modify the access control tree 
is not the step of allowing a console operator to create exceptions when signals are sent 
by the listening agent. Whether the invention of Bapat may be customized does not 
disclose this process step. 

The next limitation, updating the first set of rules with the exceptions created by 
the console operator, is cited to users authorized to modify the access control tree. The 
limitation is a step: updating the rules created by the console operator. The Bapat 
disclosure merely states that there are users authorized to modify the access control tree. 
This does not meet the limitation of the instant process step. 

The next and last limitation, storing the signals received by the console operator 
in a data file residing with the console, is cited to the deny/grant decision for each access 
request may be stored in a security audit trail. The cited portion of Bapat does not 
disclose storing the signals received by the console operator, nor that the data file resides 
with the console, and thus this limitation is not anticipated by the cited disclosure. 
In view of these considerations, it is respectfully submitted that the rejection of claim 98 
should be withdrawn. 

As per claim 101, the applicants note that claim 101 is dependent on claim 98, 
and is not independent. The citation to Bapat does not show specifically the subject 
matter of claim 101, i.e., that the particular SQL statement is a write operation to a data 
dictionary, rather, the citation merely states that a suspicious directory name would 
generate a notification, with a subsequent rejection if a match is found. 

Section 103 

It is noted that the Examiner has rejected claims 99 - 104 as being unpatentable 
over Bapat in view of a number of different references. Those references include 
Shostack (U.S. Patent No. 6,298,445), hereinafter referred to as Shostack; Reshef (U.S. 
Pat. No. 6,321,337), hereinafter referred to as Reshef; and Rowland (U.S. Pat. No. 
6,405,318), hereinafter referred to as Rowland. 

Dependent claim 99: Shostack does not teach the implementation of a buffer overflow 
analysis at the database level. The present invention is directed to database level, SQL 
analysis, which is not taught or suggested by Shostack. 

Dependent claim 100: Reshef is cited for detecting whether an executable SQL 
statement includes an operating system call, where Reshef merely states that "[a]ny 
breach of the permitted flow sequences by disorderly operating system calls or looping 
will be trapped and logged." Reshef does not teach or disclose the analysis of the present 
invention, which applies to SQL statements for a system that resides at the database level. 

Dependent claims 102-104: Rowland is not a compatible structure or method with the 
present invention. Rowland is directed to intercepting activity at the IP/TCP level, and 
not at the database level. Rowland does not disclose any method of analyzing SQL 
statements at the database level, which is the purpose of the present invention. 



Applicants respectfully request that the examiner reconsider the decision that 
Reshef is analogous art. Applicants maintain that the reference is nonanalogous art 
because Reshef concerns a security gateway system positioned between an external, 
untrusted computing environment and an internal, trusted computing environment, and 
does not concern security at the database level through analysis of SQL statements. 

CONCLUSION 

Applicants believe that the above places the application in a condition for 
allowance. 

Respectfully submitted, 

Law Offices of Peter S. Canelias June 22, 2009 